AWS Security ChangesHomeSearch

AWS sap documentation change

Service: sap · 2025-04-25 · Documentation low

File: sap/latest/sap-AnyDB/rhel-ase-ha-settings.md

Summary

Updated documentation formatting: Added angle brackets to placeholder values (e.g., instance IDs, CIDR blocks), fixed markdown syntax for code blocks, and adjusted quotation marks for consistency.

Security assessment

Changes are primarily syntactic (placeholder formatting, markdown syntax fixes, and quote standardization). No evidence of addressing security vulnerabilities or adding new security guidance. Existing security-related statements about administrative privileges and least privilege remain unchanged.

Diff

diff --git a/sap/latest/sap-AnyDB/rhel-ase-ha-settings.md b/sap/latest/sap-AnyDB/rhel-ase-ha-settings.md
index 42d8a977e..863d6fbca 100644
--- a//sap/latest/sap-AnyDB/rhel-ase-ha-settings.md
+++ b//sap/latest/sap-AnyDB/rhel-ase-ha-settings.md
@@ -239 +237 @@ Run the following commands on both instances in the cluster.
-        aws ec2 modify-instance-attribute --instance-id i-xxxxinstidforhost1 --no-source-dest-check
+        aws ec2 modify-instance-attribute --instance-id <i-xxxxinstidforhost1> --no-source-dest-check
@@ -243 +241 @@ Run the following commands on both instances in the cluster.
-        aws ec2 modify-instance-attribute --instance-id i-xxxxinstidforhost2 --no-source-dest-check
+        aws ec2 modify-instance-attribute --instance-id <i-xxxxinstidforhost2> --no-source-dest-check
@@ -266 +264 @@ Modifying instance maintenance options will require admin privileges not covered
-    aws ec2 modify-instance-maintenance-options --instance-id i-xxxxinstidforhost1 --auto-recovery disabled
+    aws ec2 modify-instance-maintenance-options --instance-id <i-xxxxinstidforhost1> --auto-recovery disabled
@@ -269 +267 @@ Modifying instance maintenance options will require admin privileges not covered
-    aws ec2 modify-instance-maintenance-options --instance-id i-xxxxinstidforhost2 --auto-recovery disabled
+    aws ec2 modify-instance-maintenance-options --instance-id <i-xxxxinstidforhost2> --auto-recovery disabled
@@ -278 +276 @@ Modifying instance attributes will require admin privileges not covered by the I
-    aws ec2 modify-instance-attribute --instance-id i-xxxxinstidforhost1 --no-disable-api-stop
+    aws ec2 modify-instance-attribute --instance-id <i-xxxxinstidforhost> --no-disable-api-stop
@@ -281 +279 @@ Modifying instance attributes will require admin privileges not covered by the I
-    aws ec2 modify-instance-attribute --instance-id i-xxxxinstidforhost2 --no-disable-api-stop
+    aws ec2 modify-instance-attribute --instance-id <i-xxxxinstidforhost2> --no-disable-api-stop
@@ -391 +384 @@ This is applicable to both cluster nodes. Time synchronization is important for
-You can use Amazon Time Sync Service that is available on any instance running in a VPC. It does not require internet access. To ensure consistency in the handling of leap seconds, don't mix Amazon Time Sync Service with any other `ntp` time sync servers or pools.
+You can use Amazon Time Sync Service that is available on any instance running in a VPC. It does not require internet access. To ensure consistency in the handling of leap seconds, don’t mix Amazon Time Sync Service with any other `ntp` time sync servers or pools.
@@ -413 +404 @@ This is applicable to both cluster nodes. The cluster resource agents use AWS Co
-You can either edit the config file at `/root/.aws` manually or by using [`aws configure`](https://docs.aws.amazon.com/cli/latest/reference/configure/index.html) AWS CLI command.
+You can either edit the config file at `/root/.aws` manually or by using [aws configure](https://docs.aws.amazon.com/cli/latest/reference/configure/index.html) AWS CLI command.
@@ -418,3 +409,3 @@ You can skip providing the information for the access and secret access keys. Th
-    # aws configure
-    AWS Access Key ID [None]:
-    AWS Secret Access Key [None]:
+    aws configure
+    {aws} Access Key ID [None]:
+    {aws} Secret Access Key [None]:
@@ -481 +470 @@ Target | i-xxxxinstidforhost1
-The preceding steps can also be performed programmatically. We suggest performing the steps using administrative privileges, instead of instance-based privileges to preserve least privilege. CreateRoute API isn't necessary for ongoing operations.
+The preceding steps can also be performed programmatically. We suggest performing the steps using administrative privileges, instead of instance-based privileges to preserve least privilege. CreateRoute API isn’t necessary for ongoing operations.
@@ -486 +475 @@ Run the following command as a dry run on both nodes to confirm that the instanc
-    aws ec2 replace-route --route-table-id rtb-xxxxxroutetable1 --destination-cidr-block 172.16.0.23/32 --instance-id i-xxxxinstidforhost1 --dry-run --profile <aws_cli_cluster_profile>
+    aws ec2 replace-route --route-table-id <rtb-xxxxxroutetable1> --destination-cidr-block <172.16.0.23/32> --instance-id <i-xxxxinstidforhost1> --dry-run --profile <aws_cli_cluster_profile>
@@ -499 +488 @@ On EC2 instance 1, where you are installing SAP ASE database, add the overlay IP
-    ip addr add 172.16.0.23/32 dev eth0
+    ip addr add <172.16.0.23/32> dev eth0
@@ -506,5 +495,4 @@ This is applicable to both cluster nodes. You must ensure that both instances ca
-    # cat /etc/hosts
-    10.1.10.1 rhxdbhost01.example.com rhxdbhost01
-    10.1.20.1 rhxdbhost02.example.com rhxdbhost02
-    172.16.0.23 rhxvdb.example.com rhxvdb
-    
+    cat /etc/hosts
+    <10.1.10.1 rhxdbhost01.example.com rhxdbhost01>
+    <10.1.20.1 rhxdbhost02.example.com rhxdbhost02>
+    <172.16.0.23 rhxvdb.example.com rhxvdb>
@@ -537 +525 @@ Select a file system based on your business requirements, evaluating the resilie
-The SVM's DNS name is your simplest mounting option. The file system DNS name automatically resolves to the mount target's IP address on the Availability ZOne of the connecting Amazon EC2 instance.
+The SVM’s DNS name is your simplest mounting option. The file system DNS name automatically resolves to the mount target’s IP address on the Availability ZOne of the connecting Amazon EC2 instance.
@@ -574 +562 @@ You need to perform this step only on the primary Amazon EC2 instance for the in
-Review the mount options to ensure that they match with your operating system, NFS file system type, and SAP's latest recommendations.
+Review the mount options to ensure that they match with your operating system, NFS file system type, and SAP’s latest recommendations.
@@ -579 +567 @@ Use the following command to check that the required file systems are available.
-    # df -h
+    df -h
@@ -621 +609 @@ Using the overlay IP agent with a shared Amazon VPC requires a different set of
-In sharing VPC account, create an IAM role to delegate permissions to the EC2 instances that will be part of the cluster. During the IAM Role creation, select “Another AWS account” as the type of trusted entity, and enter the AWS account ID where the EC2 instances will be deployed/running from.
+In sharing VPC account, create an IAM role to delegate permissions to the EC2 instances that will be part of the cluster. During the IAM Role creation, select "Another AWS account" as the type of trusted entity, and enter the AWS account ID where the EC2 instances will be deployed/running from.
@@ -647 +635 @@ After the IAM role has been created, create the following IAM policy on the shar
-Next, edit move to the “Trust relationships” tab in the IAM role, and ensure that the AWS account you entered while creating the role has been correctly added.
+Next, edit move to the "Trust relationships" tab in the IAM role, and ensure that the AWS account you entered while creating the role has been correctly added.